diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp
index 2dccbd9..502829e 100644
--- a/manifests/server/puppetserver.pp
+++ b/manifests/server/puppetserver.pp
@@ -1,322 +1,262 @@ # == Class: puppet::server::puppetserver # # Configures the puppetserver jvm configuration file using augeas. # # === Parameters: # # * `java_bin` # Path to the java executable to use # # * `config` # Path to the jvm configuration file. # This file is usually either /etc/default/puppetserver or # /etc/sysconfig/puppetserver depending on your *nix flavor. # # * `jvm_min_heap_size` # Translates into the -Xms option and is added to the JAVA_ARGS # # * `jvm_max_heap_size` # Translates into the -Xmx option and is added to the JAVA_ARGS # # * `jvm_extra_args` # Custom options to pass through to the java binary. These get added to # the end of the JAVA_ARGS variable # # * `jvm_cli_args` # Custom options to pass through to the java binary when using a # puppetserver subcommand, (eg puppetserver gem). These get used # in the JAVA_ARGS_CLI variable. # # * `server_puppetserver_dir` # Puppetserver config directory # # * `server_puppetserver_vardir` # Puppetserver var directory # # * `server_jruby_gem_home` # Puppetserver jruby gemhome # # * `server_cipher_suites` # Puppetserver array of acceptable ciphers # # * `server_ssl_protocols` # Puppetserver array of acceptable ssl protocols # # * `server_max_active_instances` # Puppetserver number of max jruby instances # # * `server_max_requests_per_instance` # Puppetserver number of max requests per jruby instance # # * `server_max_queued_requests` # The maximum number of requests that may be queued waiting # to borrow a JRuby from the pool. # # * `server_max_retry_delay` # Sets the upper limit for the random sleep set as a Retry-After # header on 503 responses returned when max-queued-requests is enabled. 
# # === Example # # @example # # # configure memory for java < 8 # class {'::puppet::server::puppetserver': # jvm_min_heap_size => '1G', # jvm_max_heap_size => '3G', # jvm_extra_args => '-XX:MaxPermSize=256m', # } # class puppet::server::puppetserver ( $config = $::puppet::server::jvm_config, $java_bin = $::puppet::server::jvm_java_bin, $jvm_extra_args = $::puppet::server::jvm_extra_args, $jvm_cli_args = $::puppet::server::jvm_cli_args, $jvm_min_heap_size = $::puppet::server::jvm_min_heap_size, $jvm_max_heap_size = $::puppet::server::jvm_max_heap_size, $server_puppetserver_dir = $::puppet::server::puppetserver_dir, $server_puppetserver_vardir = $::puppet::server::puppetserver_vardir, $server_puppetserver_rundir = $::puppet::server::puppetserver_rundir, $server_puppetserver_logdir = $::puppet::server::puppetserver_logdir, $server_jruby_gem_home = $::puppet::server::jruby_gem_home, $server_ruby_load_paths = $::puppet::server::ruby_load_paths, $server_cipher_suites = $::puppet::server::cipher_suites, $server_max_active_instances = $::puppet::server::max_active_instances, $server_max_requests_per_instance = $::puppet::server::max_requests_per_instance, $server_max_queued_requests = $::puppet::server::max_queued_requests, $server_max_retry_delay = $::puppet::server::max_retry_delay, $server_ssl_protocols = $::puppet::server::ssl_protocols, $server_ssl_ca_crl = $::puppet::server::ssl_ca_crl, $server_ssl_ca_cert = $::puppet::server::ssl_ca_cert, $server_ssl_cert = $::puppet::server::ssl_cert, $server_ssl_cert_key = $::puppet::server::ssl_cert_key, $server_ssl_chain = $::puppet::server::ssl_chain, $server_crl_enable = $::puppet::server::crl_enable_real, $server_ip = $::puppet::server::ip, $server_port = $::puppet::server::port, $server_http = $::puppet::server::http, $server_http_port = $::puppet::server::http_port, $server_ca = $::puppet::server::ca, $server_dir = $::puppet::server::dir, $codedir = $::puppet::server::codedir, $server_idle_timeout = 
$::puppet::server::idle_timeout, $server_web_idle_timeout = $::puppet::server::web_idle_timeout, $server_connect_timeout = $::puppet::server::connect_timeout, $server_ca_auth_required = $::puppet::server::ca_auth_required, $server_ca_client_whitelist = $::puppet::server::ca_client_whitelist, $server_admin_api_whitelist = $::puppet::server::admin_api_whitelist, $server_puppetserver_version = $::puppet::server::puppetserver_version, $server_use_legacy_auth_conf = $::puppet::server::use_legacy_auth_conf, $server_check_for_updates = $::puppet::server::check_for_updates, $server_environment_class_cache_enabled = $::puppet::server::environment_class_cache_enabled, $server_jruby9k = $::puppet::server::puppetserver_jruby9k, $server_metrics = $::puppet::server::puppetserver_metrics, $metrics_jmx_enable = $::puppet::server::metrics_jmx_enable, $metrics_graphite_enable = $::puppet::server::metrics_graphite_enable, $metrics_graphite_host = $::puppet::server::metrics_graphite_host, $metrics_graphite_port = $::puppet::server::metrics_graphite_port, $metrics_server_id = $::puppet::server::metrics_server_id, $metrics_graphite_interval = $::puppet::server::metrics_graphite_interval, $metrics_allowed = $::puppet::server::metrics_allowed, $server_experimental = $::puppet::server::puppetserver_experimental, $server_trusted_agents = $::puppet::server::puppetserver_trusted_agents, $allow_header_cert_info = $::puppet::server::allow_header_cert_info, $compile_mode = $::puppet::server::compile_mode, $acceptor_threads = $::puppet::server::acceptor_threads, $selector_threads = $::puppet::server::selector_threads, $ssl_acceptor_threads = $::puppet::server::ssl_acceptor_threads, $ssl_selector_threads = $::puppet::server::ssl_selector_threads, $max_threads = $::puppet::server::max_threads, $ca_allow_sans = $::puppet::server::ca_allow_sans, $ca_allow_auth_extensions = $::puppet::server::ca_allow_auth_extensions, ) { include ::puppet::server - if versioncmp($server_puppetserver_version, '2.2') < 
0 { - fail('puppetserver <2.2 is not supported by this module version') + if versioncmp($server_puppetserver_version, '2.7') < 0 { + fail('puppetserver <2.7 is not supported by this module version') } $puppetserver_package = pick($::puppet::server::package, 'puppetserver') $jvm_cmd_arr = ["-Xms${jvm_min_heap_size}", "-Xmx${jvm_max_heap_size}", $jvm_extra_args] $jvm_cmd = strip(join(flatten($jvm_cmd_arr), ' ')) if $::osfamily == 'FreeBSD' { $server_gem_paths = [ '${jruby-puppet.gem-home}', "\"${server_puppetserver_vardir}/vendored-jruby-gems\"", ] # lint:ignore:single_quote_string_with_variables augeas { 'puppet::server::puppetserver::jvm': context => '/files/etc/rc.conf', changes => [ "set puppetserver_java_opts '\"${jvm_cmd}\"'" ], } } else { if $jvm_cli_args { $changes = [ "set JAVA_ARGS '\"${jvm_cmd}\"'", "set JAVA_BIN ${java_bin}", "set JAVA_ARGS_CLI '\"${jvm_cli_args}\"'", ] } else { $changes = [ "set JAVA_ARGS '\"${jvm_cmd}\"'", "set JAVA_BIN ${java_bin}", ] } augeas { 'puppet::server::puppetserver::jvm': lens => 'Shellvars.lns', incl => $config, context => "/files${config}", changes => $changes, } - if versioncmp($server_puppetserver_version, '2.4.99') == 0 { - $bootstrap_paths = "${server_puppetserver_dir}/bootstrap.cfg,${server_puppetserver_dir}/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" - } elsif versioncmp($server_puppetserver_version, '2.5') >= 0 { - $bootstrap_paths = "${server_puppetserver_dir}/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" - } else { # 2.4 - $bootstrap_paths = "${server_puppetserver_dir}/bootstrap.cfg" - } + $bootstrap_paths = "${server_puppetserver_dir}/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" if versioncmp($server_puppetserver_version, '5.3') >= 0 { $server_gem_paths = [ '${jruby-puppet.gem-home}', "\"${server_puppetserver_vardir}/vendored-jruby-gems\"", "\"/opt/puppetlabs/puppet/lib/ruby/vendor_gems\""] # 
lint:ignore:single_quote_string_with_variables } else { $server_gem_paths = [ '${jruby-puppet.gem-home}', "\"${server_puppetserver_vardir}/vendored-jruby-gems\"", ] # lint:ignore:single_quote_string_with_variables } augeas { 'puppet::server::puppetserver::bootstrap': lens => 'Shellvars.lns', incl => $config, context => "/files${config}", changes => "set BOOTSTRAP_CONFIG '\"${bootstrap_paths}\"'", } if versioncmp($server_puppetserver_version, '5.0') >= 0 { $jruby_jar_changes = $server_jruby9k ? { true => "set JRUBY_JAR '\"/opt/puppetlabs/server/apps/puppetserver/jruby-9k.jar\"'", default => 'rm JRUBY_JAR' } augeas { 'puppet::server::puppetserver::jruby_jar': lens => 'Shellvars.lns', incl => $config, context => "/files${config}", changes => $jruby_jar_changes, } } } - # 2.4.99 configures for both 2.4 and 2.5 making upgrades and new installations easier when the - # precise version available isn't known - if versioncmp($server_puppetserver_version, '2.4.99') >= 0 { - $servicesd = "${server_puppetserver_dir}/services.d" - file { $servicesd: - ensure => directory, - } - file { "${servicesd}/ca.cfg": - ensure => file, - content => template('puppet/server/puppetserver/services.d/ca.cfg.erb'), - } - - unless $::osfamily == 'FreeBSD' { - file { '/opt/puppetlabs/server/apps/puppetserver/config': - ensure => directory, - } - file { '/opt/puppetlabs/server/apps/puppetserver/config/services.d': - ensure => directory, - } - } + $servicesd = "${server_puppetserver_dir}/services.d" + file { $servicesd: + ensure => directory, + } + file { "${servicesd}/ca.cfg": + ensure => file, + content => template('puppet/server/puppetserver/services.d/ca.cfg.erb'), } - if versioncmp($server_puppetserver_version, '2.5') < 0 { - $bootstrapcfg = "${server_puppetserver_dir}/bootstrap.cfg" - file { $bootstrapcfg: - ensure => file, - } - - $ca_enabled_ensure = $server_ca ? { - true => present, - default => absent, - } - - $ca_disabled_ensure = $server_ca ? 
{ - false => present, - default => absent, - } - - file_line { 'ca_enabled': - ensure => $ca_enabled_ensure, - path => $bootstrapcfg, - line => 'puppetlabs.services.ca.certificate-authority-service/certificate-authority-service', - require => File[$bootstrapcfg], - } - - file_line { 'ca_disabled': - ensure => $ca_disabled_ensure, - path => $bootstrapcfg, - line => 'puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service', - require => File[$bootstrapcfg], - } - - if versioncmp($server_puppetserver_version, '2.3') >= 0 { - $versioned_code_service_ensure = present - } else { - $versioned_code_service_ensure = absent + unless $::osfamily == 'FreeBSD' { + file { '/opt/puppetlabs/server/apps/puppetserver/config': + ensure => directory, } - - file_line { 'versioned_code_service': - ensure => $versioned_code_service_ensure, - path => $bootstrapcfg, - line => 'puppetlabs.services.versioned-code-service.versioned-code-service/versioned-code-service', - require => File[$bootstrapcfg], + file { '/opt/puppetlabs/server/apps/puppetserver/config/services.d': + ensure => directory, } } if versioncmp($server_puppetserver_version, '5.3.6') >= 0 { $ca_conf_ensure = present } else { $ca_conf_ensure = absent } file { "${server_puppetserver_dir}/conf.d/ca.conf": ensure => $ca_conf_ensure, content => template('puppet/server/puppetserver/conf.d/ca.conf.erb'), } file { "${server_puppetserver_dir}/conf.d/puppetserver.conf": ensure => file, content => template('puppet/server/puppetserver/conf.d/puppetserver.conf.erb'), } file { "${server_puppetserver_dir}/conf.d/auth.conf": ensure => file, content => template('puppet/server/puppetserver/conf.d/auth.conf.erb'), } file { "${server_puppetserver_dir}/conf.d/webserver.conf": ensure => file, content => template('puppet/server/puppetserver/conf.d/webserver.conf.erb'), } - if versioncmp($server_puppetserver_version, '2.7') >= 0 { - $product_conf_ensure = file - } else { - $product_conf_ensure = absent - 
} - file { "${server_puppetserver_dir}/conf.d/product.conf": - ensure => $product_conf_ensure, + ensure => file, content => template('puppet/server/puppetserver/conf.d/product.conf.erb'), } if versioncmp($server_puppetserver_version, '5.0') >= 0 { $metrics_conf = "${server_puppetserver_dir}/conf.d/metrics.conf" $metrics_conf_ensure = $server_metrics ? { true => file, default => absent } file { $metrics_conf: ensure => $metrics_conf_ensure, content => template('puppet/server/puppetserver/conf.d/metrics.conf.erb'), } } } diff --git a/spec/acceptance/puppetserver_upgrade_2_6_0_to_2_7_2_spec.rb b/spec/acceptance/puppetserver_upgrade_2_6_0_to_2_7_2_spec.rb index 632f191..29dceef 100644 --- a/spec/acceptance/puppetserver_upgrade_2_6_0_to_2_7_2_spec.rb +++ b/spec/acceptance/puppetserver_upgrade_2_6_0_to_2_7_2_spec.rb 
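Review bot: The `file` resources that are now always declared (`$servicesd`, `"${servicesd}/ca.cfg"` and, outside FreeBSD, the two `/opt/puppetlabs/server/apps/puppetserver/config` directories) set no `owner`, `group` or `mode`. Their permissions therefore depend on whatever `File` defaults and umask apply on the node; no such default is visible in this manifest. Both directories are written into `BOOTSTRAP_CONFIG`, and judging by the spec, `ca.cfg` selects between the certificate-authority service and its disabled variant, so a path writable by an unprivileged account would let that account change which services puppetserver loads. I would pin them explicitly, for example `owner => 'root', mode => '0644',` on `ca.cfg` and `owner => 'root', mode => '0755',` on the directories. The `conf.d/*.conf` resources in the same class follow the same pattern and deserve the same treatment.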
@@ -1,90 +1,90 @@ require 'spec_helper_acceptance' describe 'Scenario: 2.6.0 to 2.7.2 upgrade:', if: ENV['BEAKER_PUPPET_COLLECTION'] == 'pc1' do before(:context) do if check_for_package(default, 'puppetserver') on default, puppet('resource package puppetserver ensure=purged') on default, 'rm -rf /etc/sysconfig/puppetserver /etc/puppetlabs/puppetserver' on default, 'find /etc/puppetlabs/puppet/ssl/ -type f -delete' end # puppetserver won't start with lower than 2GB memory memoryfree_mb = fact('memoryfree_mb').to_i raise 'At least 2048MB free memory required' if memoryfree_mb < 256 end case fact('osfamily') when 'Debian' - from_version = '2.6.0-1puppetlabs1' + from_version = '2.7.0-1puppetlabs1' to_version = '2.7.2-1puppetlabs1' else - from_version = '2.6.0' + from_version = '2.7.0' to_version = '2.7.2' end - context 'install 2.6.0' do + context 'install 2.7.0' do let(:pp) do <<-EOS class { '::puppet': server => true, server_foreman => false, server_reports => 'store', server_external_nodes => '', server_version => '#{from_version}', # only for install test - don't think to use this in production! # https://docs.puppet.com/puppetserver/latest/tuning_guide.html server_jvm_max_heap_size => '256m', server_jvm_min_heap_size => '256m', } EOS end it_behaves_like 'a idempotent resource' describe command('puppetserver --version') do - its(:stdout) { is_expected.to match("puppetserver version: 2.6.0\n") } + its(:stdout) { is_expected.to match("puppetserver version: 2.7.0\n") } end describe service('puppetserver') do it { is_expected.to be_enabled } it { is_expected.to be_running } end describe port('8140') do it { is_expected.to be_listening } end end context 'upgrade to 2.7.2' do let(:pp) do <<-EOS class { '::puppet': server => true, server_foreman => false, server_reports => 'store', server_external_nodes => '', server_version => '#{to_version}', # only for install test - don't think to use this in production! 
# https://docs.puppet.com/puppetserver/latest/tuning_guide.html server_jvm_max_heap_size => '256m', server_jvm_min_heap_size => '256m', } EOS end it_behaves_like 'a idempotent resource' describe command('puppetserver --version') do its(:stdout) { is_expected.to match("puppetserver version: 2.7.2\n") } end describe service('puppetserver') do it { is_expected.to be_enabled } it { is_expected.to be_running } end describe port('8140') do it { is_expected.to be_listening } end end end diff --git a/spec/classes/puppet_server_puppetserver_spec.rb b/spec/classes/puppet_server_puppetserver_spec.rb index 856de8f..088322e 100644 --- a/spec/classes/puppet_server_puppetserver_spec.rb +++ b/spec/classes/puppet_server_puppetserver_spec.rb 
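Review bot: The scenario title on the `describe` line still reads `'Scenario: 2.6.0 to 2.7.2 upgrade:'`, and the file is still named `puppetserver_upgrade_2_6_0_to_2_7_2_spec.rb`, although `from_version` and the first context now install 2.7.0. Test reports will name a version that is never installed, so rename the file and change the title to `describe 'Scenario: 2.7.0 to 2.7.2 upgrade:', ...`. In the same `before(:context)` block the guard `raise 'At least 2048MB free memory required' if memoryfree_mb < 256` checks a different threshold than its message states; one of the two should be corrected so a failing run reports the real requirement.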
@@ -1,653 +1,539 @@ require 'spec_helper' describe 'puppet' do on_os_under_test.each do |os, facts| next if unsupported_puppetmaster_osfamily(facts[:osfamily]) context "on #{os}" do let(:facts) do facts end let(:auth_conf) { '/etc/custom/puppetserver/conf.d/auth.conf' } let(:puppetserver_conf) { '/etc/custom/puppetserver/conf.d/puppetserver.conf' } let(:params) do { server: true, # We set these values because they're calculated server_jvm_config: '/etc/default/puppetserver', server_jvm_min_heap_size: '2G', server_jvm_max_heap_size: '2G', server_jvm_extra_args: '', server_max_active_instances: 2, server_puppetserver_dir: '/etc/custom/puppetserver', - server_puppetserver_version: '2.4.99', + server_puppetserver_version: '2.7.0', } end describe 'with default parameters' do - it { should contain_file('/etc/custom/puppetserver/bootstrap.cfg') } - it { should contain_file_line('ca_enabled').with_ensure('present') } - it { should contain_file_line('ca_disabled').with_ensure('absent') } it { should contain_file('/etc/custom/puppetserver/services.d').with_ensure('directory') } it { should contain_file('/etc/custom/puppetserver/services.d/ca.cfg') .with_content(%r{^puppetlabs.services.ca.certificate-authority-service/certificate-authority-service}) .with_content(%r{^#puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service}) .without_content(%r{^puppetlabs.trapperkeeper.services.watcher.filesystem-watch-service/filesystem-watch-service}) } if facts[:osfamily] == 'FreeBSD' it { should contain_augeas('puppet::server::puppetserver::jvm') .with_changes(['set puppetserver_java_opts \'"-Xms2G -Xmx2G"\'']) .with_context('/files/etc/rc.conf') } else it { should contain_file('/opt/puppetlabs/server/apps/puppetserver/config').with_ensure('directory') } it { should contain_file('/opt/puppetlabs/server/apps/puppetserver/config/services.d').with_ensure('directory') } it { should contain_augeas('puppet::server::puppetserver::bootstrap') - 
.with_changes('set BOOTSTRAP_CONFIG \'"/etc/custom/puppetserver/bootstrap.cfg,/etc/custom/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"\'') + .with_changes('set BOOTSTRAP_CONFIG \'"/etc/custom/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"\'') } it { should contain_augeas('puppet::server::puppetserver::jvm') .with_changes(['set JAVA_ARGS \'"-Xms2G -Xmx2G"\'', 'set JAVA_BIN /usr/bin/java']) .with_context('/files/etc/default/puppetserver') .with_incl('/etc/default/puppetserver') .with_lens('Shellvars.lns') } end it { should contain_file('/etc/custom/puppetserver/conf.d/ca.conf').with_ensure('absent') } it { should contain_file(puppetserver_conf) .without_content(/^# Settings related to the puppet-admin HTTP API$/) .without_content(/^puppet-admin: \{$/) .without_content(/^\s+client-whitelist: \[$/) .without_content(/^\s+"localhost"\,$/) .without_content(/^\s+"puppetserver123.example.com"\,$/) } it { should contain_file('/etc/custom/puppetserver/conf.d/webserver.conf') .with_content(/ssl-host:\s0\.0\.0\.0/) .with_content(/ssl-port:\s8140/) .without_content(/ host:\s/) .without_content(/ port:\s8139/) .without_content(/selector-threads:/) .without_content(/acceptor-threads:/) .without_content(/ssl-selector-threads:/) .without_content(/ssl-acceptor-threads:/) .without_content(/max-threads:/) } it { should contain_file(auth_conf) .with_content(/allow-header-cert-info: false/) .with_content(%r{^\s+path: "/puppet-ca/v1/certificate_status"}) .with_content(/^\s+name: "puppetlabs cert status"/) .with_content(%r{^\s+path: "/puppet-ca/v1/certificate_statuses"}) .with_content(/^\s+name: "puppetlabs cert statuses"/) .with_content(%r{^\s+path: "/puppet-admin-api/v1/environment-cache"}) .with_content(/^\s+name: "environment-cache"/) .with_content(%r{^\s+path: "/puppet-admin-api/v1/jruby-pool"}) .with_content(/^\s+name: "jruby-pool"/) } end describe 'server_puppetserver_vardir' do context 'with default 
parameters' do it { should contain_file(puppetserver_conf).with_content(%r{^ master-var-dir: /opt/puppetlabs/server/data/puppetserver$}) } end context 'with custom server_puppetserver_vardir' do let(:params) { super().merge(server_puppetserver_vardir: '/opt/custom/puppetserver') } it { should contain_file(puppetserver_conf).with_content(%r{^ master-var-dir: /opt/custom/puppetserver$}) } end end describe 'use-legacy-auth-conf' do context 'with default parameters' do it { should contain_file(puppetserver_conf).with_content(/^ use-legacy-auth-conf: false$/) } end context 'when use-legacy-auth-conf = true' do let(:params) { super().merge(server_use_legacy_auth_conf: true) } it { should contain_file(puppetserver_conf).with_content(/^ use-legacy-auth-conf: true$/) } end end describe 'environment-class-cache-enabled' do context 'with default parameters' do it { should contain_file(puppetserver_conf).with_content(/^ environment-class-cache-enabled: false$/) } end context 'when environment-class-cache-enabled = true' do let(:params) { super().merge(server_environment_class_cache_enabled: true) } it { should contain_file(puppetserver_conf).with_content(/^ environment-class-cache-enabled: true$/) } end - - context 'when server_puppetserver_version < 2.4' do - let(:params) { super().merge(server_puppetserver_version: '2.2.2') } - it { should contain_file(puppetserver_conf).without_content('environment-class-cache-enabled') } - end end describe 'server_max_requests_per_instance' do context 'with default parameters' do it { should contain_file(puppetserver_conf).with_content(/^ max-requests-per-instance: 0$/) } end context 'custom server_max_requests_per_instance' do let(:params) { super().merge(server_max_requests_per_instance: 123_456) } it { should contain_file(puppetserver_conf).with_content(/^ max-requests-per-instance: 123456$/) } end end describe 'server_max_queued_requests' do context 'when server_puppetserver_version >= 5.0' do let(:params) { 
super().merge(server_puppetserver_version: '5.0.0') } context 'with default parameters' do it { should contain_file(puppetserver_conf).with_content(/^ max-queued-requests: 0\n/) } end context 'with custom server_max_queued_requests' do let(:params) { super().merge(server_max_queued_requests: 100) } it { should contain_file(puppetserver_conf).with_content(/^ max-queued-requests: 100\n/) } end end context 'when server_puppetserver_version < 5.0 with default parameters' do - let(:params) { super().merge(server_puppetserver_version: '2.7.0') } it { should contain_file(puppetserver_conf).without_content('max-queued-requests') } end end describe 'server_max_retry_delay' do context 'when server_puppetserver_version >= 5.0' do let(:params) { super().merge(server_puppetserver_version: '5.0.0') } context 'with default parameters' do it { should contain_file(puppetserver_conf).with_content(/^ max-retry-delay: 1800\n/) } end context 'with custom server_max_retry_delay' do let(:params) { super().merge(server_max_retry_delay: 100) } it { should contain_file(puppetserver_conf).with_content(/^ max-retry-delay: 100\n/) } end end context 'when server_puppetserver_version < 5.0 with default parameters' do - let(:params) { super().merge(server_puppetserver_version: '2.7.0') } it { should contain_file(puppetserver_conf).without_content('max-retry-delay') } end end - describe 'versioned-code-service' do - context 'when server_puppetserver_version >= 2.5' do - let(:params) { super().merge(server_puppetserver_version: '2.5.0') } - it { should_not contain_file_line('versioned_code_service') } - end - - context 'when server_puppetserver_version >= 2.3 and < 2.5' do - let(:params) { super().merge(server_puppetserver_version: '2.3.1') } - it 'should have versioned-code-service in bootstrap.cfg' do - should contain_file_line('versioned_code_service') - .with_ensure('present') - .with_path('/etc/custom/puppetserver/bootstrap.cfg') - 
.with_line('puppetlabs.services.versioned-code-service.versioned-code-service/versioned-code-service') - .that_requires('File[/etc/custom/puppetserver/bootstrap.cfg]') - end - end - - context 'when server_puppetserver_version < 2.3' do - let(:params) { super().merge(server_puppetserver_version: '2.2.2') } - it 'should not have versioned-code-service in bootstrap.cfg' do - should contain_file_line('versioned_code_service') - .with_ensure('absent') - .with_path('/etc/custom/puppetserver/bootstrap.cfg') - .with_line('puppetlabs.services.versioned-code-service.versioned-code-service/versioned-code-service') - .that_requires('File[/etc/custom/puppetserver/bootstrap.cfg]') - end - end - end - - describe 'bootstrap.cfg' do - context 'when server_puppetserver_version >= 2.5' do - let(:params) { super().merge(server_puppetserver_version: '2.5.0') } - it { should_not contain_file('/etc/custom/puppetserver/bootstrap.cfg') } - it { should_not contain_file_line('ca_enabled') } - it { should_not contain_file_line('ca_disabled') } - end - - context 'when server_puppetserver_version < 2.4.99' do - let(:params) { super().merge(server_puppetserver_version: '2.4.98') } - it { should contain_file('/etc/custom/puppetserver/bootstrap.cfg') } - it { - should contain_file_line('ca_enabled') - .with_ensure('present') - .with_path('/etc/custom/puppetserver/bootstrap.cfg') - .with_line('puppetlabs.services.ca.certificate-authority-service/certificate-authority-service') - .that_requires('File[/etc/custom/puppetserver/bootstrap.cfg]') - } - it { - should contain_file_line('ca_disabled') - .with_ensure('absent') - .with_path('/etc/custom/puppetserver/bootstrap.cfg') - .with_line('puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service') - .that_requires('File[/etc/custom/puppetserver/bootstrap.cfg]') - } - unless facts[:osfamily] == 'FreeBSD' - it { - should contain_augeas('puppet::server::puppetserver::bootstrap') - .with_changes('set 
BOOTSTRAP_CONFIG \'"/etc/custom/puppetserver/bootstrap.cfg"\'') - .with_context('/files/etc/default/puppetserver') - .with_incl('/etc/default/puppetserver') - .with_lens('Shellvars.lns') - } - end - end - end - describe 'ca.cfg' do - context 'when server_puppetserver_version >= 2.5' do - let(:params) { super().merge(server_puppetserver_version: '2.5.0') } - it { should contain_file('/etc/custom/puppetserver/services.d').with_ensure('directory') } + it { should contain_file('/etc/custom/puppetserver/services.d').with_ensure('directory') } + it { + should contain_file('/etc/custom/puppetserver/services.d/ca.cfg') + .with_content(%r{^puppetlabs.services.ca.certificate-authority-service/certificate-authority-service}) + .with_content(%r{^#puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service}) + } + unless facts[:osfamily] == 'FreeBSD' + it { should contain_file('/opt/puppetlabs/server/apps/puppetserver/config').with_ensure('directory') } + it { should contain_file('/opt/puppetlabs/server/apps/puppetserver/config/services.d').with_ensure('directory') } it { - should contain_file('/etc/custom/puppetserver/services.d/ca.cfg') - .with_content(%r{^puppetlabs.services.ca.certificate-authority-service/certificate-authority-service}) - .with_content(%r{^#puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service}) + should contain_augeas('puppet::server::puppetserver::bootstrap') + .with_changes('set BOOTSTRAP_CONFIG \'"/etc/custom/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"\'') + .with_context('/files/etc/default/puppetserver') + .with_incl('/etc/default/puppetserver') + .with_lens('Shellvars.lns') } - unless facts[:osfamily] == 'FreeBSD' - it { should contain_file('/opt/puppetlabs/server/apps/puppetserver/config').with_ensure('directory') } - it { should 
contain_file('/opt/puppetlabs/server/apps/puppetserver/config/services.d').with_ensure('directory') } - it { - should contain_augeas('puppet::server::puppetserver::bootstrap') - .with_changes('set BOOTSTRAP_CONFIG \'"/etc/custom/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"\'') - .with_context('/files/etc/default/puppetserver') - .with_incl('/etc/default/puppetserver') - .with_lens('Shellvars.lns') - } - end end - context 'when server_puppetserver_version >= 2.5 and server_ca => false' do - let(:params) do - super().merge( - server_puppetserver_version: '2.5.0', - server_ca: false - ) - end + context 'when server_ca => false' do + let(:params) { super().merge(server_ca: false) } it { should contain_file('/etc/custom/puppetserver/services.d/ca.cfg') .with_content(%r{^#puppetlabs.services.ca.certificate-authority-service/certificate-authority-service}) .with_content(%r{^puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service}) } end - context 'when server_puppetserver_version < 2.4.99' do - let(:params) { super().merge(server_puppetserver_version: '2.4.98') } - it { should_not contain_file('/etc/custom/puppetserver/services.d') } - it { should_not contain_file('/etc/custom/puppetserver/services.d/ca.cfg') } - it { should_not contain_file('/opt/puppetlabs/server/apps/puppetserver/config') } - it { should_not contain_file('/opt/puppetlabs/server/apps/puppetserver/config/services.d') } - end - context 'when server_puppetserver_version >= 5.1' do let(:params) { super().merge(server_puppetserver_version: '5.1.0') } it { should contain_file('/etc/custom/puppetserver/services.d/ca.cfg') .with_content(%r{^puppetlabs.services.ca.certificate-authority-service/certificate-authority-service}) .with_content(%r{^#puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service}) 
.with_content(%r{^puppetlabs.trapperkeeper.services.watcher.filesystem-watch-service/filesystem-watch-service}) } end end describe 'product.conf' do - context 'when server_puppetserver_version >= 2.7' do - let(:params) { super().merge(server_puppetserver_version: '2.7.0') } - - context 'with default parameters' do - it { - should contain_file('/etc/custom/puppetserver/conf.d/product.conf') - .with_content(/^\s+check-for-updates: true/) - } - end - - context 'with server_check_for_updates => false' do - let(:params) { super().merge(server_check_for_updates: false) } - it { - should contain_file('/etc/custom/puppetserver/conf.d/product.conf') - .with_content(/^\s+check-for-updates: false/) - } - end + context 'with default parameters' do + it { + should contain_file('/etc/custom/puppetserver/conf.d/product.conf') + .with_content(/^\s+check-for-updates: true/) + } end - context 'when server_puppetserver_version < 2.7' do - let(:params) { super().merge(server_puppetserver_version: '2.6.0') } - it { should contain_file('/etc/custom/puppetserver/conf.d/product.conf').with_ensure('absent') } + context 'with server_check_for_updates => false' do + let(:params) { super().merge(server_check_for_updates: false) } + it { + should contain_file('/etc/custom/puppetserver/conf.d/product.conf') + .with_content(/^\s+check-for-updates: false/) + } end end describe 'server_metrics' do context 'when server_puppetserver_version < 5.0' do - let(:params) { super().merge(server_puppetserver_version: '2.7.0') } - context 'when server_metrics => true' do let(:params) { super().merge(server_puppetserver_metrics: true) } it { should contain_file(puppetserver_conf) .without_content(/^ metrics-enabled: (.*)$/) .with_content(/^profiler: \{\n # enable or disable profiling for the Ruby code;\n enabled: true/) } it { should_not contain_file('/etc/custom/puppetserver/conf.d/metrics.conf') } end context 'when server_metrics => false' do let(:params) { super().merge(server_puppetserver_metrics: false) 
} it { should contain_file(puppetserver_conf) .without_content(/^ metrics-enabled: (.*)$/) .with_content(/^profiler: \{\n # enable or disable profiling for the Ruby code;\n enabled: false/) } it { should_not contain_file('/etc/custom/puppetserver/conf.d/metrics.conf') } end end context 'when server_puppetserver_version >= 5.0' do let(:params) { super().merge(server_puppetserver_version: '5.0.0') } context 'when server_metrics => true' do let(:params) do super().merge( server_puppetserver_metrics: true, server_metrics_graphite_enable: true, server_metrics_graphite_host: 'graphitehost.example.com', server_metrics_graphite_port: 2003, server_metrics_server_id: 'puppetserver.example.com', server_metrics_graphite_interval: 5, server_metrics_allowed: ['single.element.array'], ) end it { should contain_file(puppetserver_conf) .with_content(/^ # Whether to enable http-client metrics; defaults to 'true'.\n metrics-enabled: true$(.*)/) .with_content(/^profiler: \{\n # enable or disable profiling for the Ruby code;\n enabled: true/) } it { should contain_file('/etc/custom/puppetserver/conf.d/metrics.conf') .with_content(/^( *)metrics-allowed: \[\n( *)"single.element.array",\n( *)\]/) .with_content(/^( *)server-id: "puppetserver.example.com"/) .with_content(/^( *)jmx: \{\n( *)enabled: true/) .with_content(/^( *)graphite: \{\n( *)enabled: true/) .with_content(/^( *)host: "graphitehost.example.com"/) .with_content(/^( *)port: 2003/) .with_content(/^( *)update-interval-seconds: 5/) } end context 'when server_metrics => false' do let(:params) { super().merge(server_puppetserver_metrics: false) } it { should contain_file(puppetserver_conf) .with_content(/^ # Whether to enable http-client metrics; defaults to 'true'.\n metrics-enabled: false$/) .with_content(/^profiler: \{\n # enable or disable profiling for the Ruby code;\n enabled: false/) } it { should contain_file('/etc/custom/puppetserver/conf.d/metrics.conf').with_ensure('absent') } end end end describe 'server_experimental' 
do context 'when server_puppetserver_version < 5.0' do - let(:params) { super().merge(server_puppetserver_version: '2.7.0') } - context 'when server_experimental => true' do let(:params) { super().merge(server_puppetserver_experimental: true) } it { should contain_file(auth_conf).without_content(%r{^(\ *)path: "/puppet/experimental"$}) } end context 'when server_experimental => false' do let(:params) { super().merge(server_puppetserver_experimental: false) } it { should contain_file(auth_conf).without_content(%r{^(\ *)path: "/puppet/experimental"$}) } end end context 'when server_puppetserver_version >= 5.0' do let(:params) { super().merge(server_puppetserver_version: '5.0.0') } context 'when server_experimental => true' do let(:params) { super().merge(server_puppetserver_experimental: true) } it { should contain_file(auth_conf).with_content(%r{^(\ *)path: "/puppet/experimental"$}) } end context 'when server_experimental => false' do let(:params) { super().merge(server_puppetserver_experimental: false) } it { should contain_file(auth_conf).without_content(%r{^(\ *)path: "/puppet/experimental"$}) } end end end describe 'puppet tasks information' do context 'when server_puppetserver_version < 5.1' do - let(:params) { super().merge(server_puppetserver_version: '5.0.0') } it { should contain_file(auth_conf).without_content(%r{^(\ *)path: "/puppet/v3/tasks"$}) } end context 'when server_puppetserver_version >= 5.1' do let(:params) { super().merge(server_puppetserver_version: '5.1.0') } it { should contain_file(auth_conf).with_content(%r{^(\ *)path: "/puppet/v3/tasks"$}) } end end describe 'puppet facts upload' do context 'when server_puppetserver_version >= 5.3' do let(:params) { super().merge(server_puppetserver_version: '5.3.0') } it { should contain_file(auth_conf).with_content(%r{^(\ *)path: "\^/puppet/v3/facts/(.*)$}) } end context 'when server_puppetserver_version < 5.3' do let(:params) { super().merge(server_puppetserver_version: '5.2.0') } it { should 
contain_file(auth_conf).without_content(%r{^(\ *)path: "\^/puppet/v3/facts/(.*)$}) } end end describe 'server_trusted_agents' do context 'when set' do - let(:params) do - super().merge( - server_puppetserver_version: '2.7.0', - server_puppetserver_trusted_agents: ['jenkins', 'octocatalog-diff'] - ) - end + let(:params) { super().merge(server_puppetserver_trusted_agents: ['jenkins', 'octocatalog-diff']) } it { should contain_file(auth_conf).with_content(/^ allow: \["jenkins", "octocatalog-diff", "\$1"\]$/) } end end describe 'server_jruby9k', unless: facts[:osfamily] == 'FreeBSD' do context 'when server_puppetserver_version < 5.0' do - let(:params) { super().merge(server_puppetserver_version: '2.7.0') } context 'when server_jruby9k => true' do let(:params) { super().merge(server_puppetserver_jruby9k: true) } it { should_not contain_augeas('puppet::server::puppetserver::jruby_jar') } end context 'when server_jruby9k => false' do let(:params) { super().merge(server_puppetserver_jruby9k: false) } it { should_not contain_augeas('puppet::server::puppetserver::jruby_jar') } end end context 'when server_puppetserver_version >= 5.0' do let(:params) { super().merge(server_puppetserver_version: '5.0.0') } context 'when server_jruby9k => true' do let(:params) { super().merge(server_puppetserver_jruby9k: true) } it do should contain_augeas('puppet::server::puppetserver::jruby_jar') .with_changes(['set JRUBY_JAR \'"/opt/puppetlabs/server/apps/puppetserver/jruby-9k.jar"\'']) .with_context('/files/etc/default/puppetserver') .with_incl('/etc/default/puppetserver') .with_lens('Shellvars.lns') end end context 'when server_jruby9k => false' do let(:params) { super().merge(server_puppetserver_jruby9k: false) } it do should contain_augeas('puppet::server::puppetserver::jruby_jar') .with_changes(['rm JRUBY_JAR']) .with_context('/files/etc/default/puppetserver') .with_incl('/etc/default/puppetserver') .with_lens('Shellvars.lns') end end end end describe 'with extra_args parameter' do 
let(:params) { super().merge(server_jvm_extra_args: ['-XX:foo=bar', '-XX:bar=foo']) } if facts[:osfamily] == 'FreeBSD' it { should contain_augeas('puppet::server::puppetserver::jvm') .with_changes(['set puppetserver_java_opts \'"-Xms2G -Xmx2G -XX:foo=bar -XX:bar=foo"\'']) .with_context('/files/etc/rc.conf') } else it { should contain_augeas('puppet::server::puppetserver::jvm') .with_changes([ 'set JAVA_ARGS \'"-Xms2G -Xmx2G -XX:foo=bar -XX:bar=foo"\'', 'set JAVA_BIN /usr/bin/java' ]) .with_context('/files/etc/default/puppetserver') .with_incl('/etc/default/puppetserver') .with_lens('Shellvars.lns') } end end describe 'with cli_args parameter', unless: facts[:osfamily] == 'FreeBSD' do let(:params) { super().merge(server_jvm_cli_args: '-Djava.io.tmpdir=/var/puppettmp') } it do should contain_augeas('puppet::server::puppetserver::jvm') .with_changes([ 'set JAVA_ARGS \'"-Xms2G -Xmx2G"\'', 'set JAVA_BIN /usr/bin/java', 'set JAVA_ARGS_CLI \'"-Djava.io.tmpdir=/var/puppettmp"\'' ]) .with_context('/files/etc/default/puppetserver') .with_incl('/etc/default/puppetserver') .with_lens('Shellvars.lns') end end describe 'with jvm_config file parameter' do let(:params) { super().merge(server_jvm_config: '/etc/custom/puppetserver') } if facts[:osfamily] == 'FreeBSD' it { should contain_augeas('puppet::server::puppetserver::jvm').with_context('/files/etc/rc.conf') } else it do should contain_augeas('puppet::server::puppetserver::jvm') .with_context('/files/etc/custom/puppetserver') .with_incl('/etc/custom/puppetserver') .with_lens('Shellvars.lns') end end end describe 'gem-path' do - context 'when server_puppetserver_version > 2.7 but < 5.3' do - let(:params) { super().merge(server_puppetserver_version: '5.0.0') } - + context 'when server_puppetserver_version < 5.3' do it do should contain_file(puppetserver_conf) .with_content(%r{^ gem-path: \[\$\{jruby-puppet.gem-home\}, "/opt/puppetlabs/server/data/puppetserver/vendored-jruby-gems"\]$}) end end context 'when 
server_puppetserver_version >= 5.3' do let(:params) { super().merge(server_puppetserver_version: '5.3.0') } if facts[:osfamily] == 'FreeBSD' it do should contain_file(puppetserver_conf) .with_content(%r{^ gem-path: \[\$\{jruby-puppet.gem-home\}, "/var/puppet/server/data/puppetserver/vendored-jruby-gems"\]$}) end else it do should contain_file(puppetserver_conf) .with_content(%r{^ gem-path: \[\$\{jruby-puppet.gem-home\}, "/opt/puppetlabs/server/data/puppetserver/vendored-jruby-gems", "/opt/puppetlabs/puppet/lib/ruby/vendor_gems"\]$}) end end end end describe 'Puppet Server CA related settings' do context 'when server_puppetserver_version < 5.3.6' do let(:params) { super().merge(server_puppetserver_version: '5.3.5') } context 'with default parameters' do it { should contain_file('/etc/custom/puppetserver/conf.d/ca.conf').with_ensure('absent') } it { should contain_file(auth_conf).without_content(/^( *)pp_cli_auth: "true"$/) } end end context 'when server_puppetserver_version >= 5.3.6' do let(:params) { super().merge(server_puppetserver_version: '5.3.6') } context 'with default parameters' do it { should contain_file('/etc/custom/puppetserver/conf.d/ca.conf') .with_ensure('present') .with_content(/^( *)allow-subject-alt-names: false$/) .with_content(/^( *)allow-authorization-extensions: false$/) } it { should contain_file(auth_conf).with_content(/^( *)pp_cli_auth: "true"$/) } end context 'with ca parameters set' do let(:params) { super().merge( server_ca_allow_sans: true, server_ca_allow_auth_extensions: true, ) } it { should contain_file('/etc/custom/puppetserver/conf.d/ca.conf') .with_ensure('present') .with_content(/^( *)allow-subject-alt-names: true$/) .with_content(/^( *)allow-authorization-extensions: true$/) } end end end - describe 'when server_puppetserver_version < 2.2' do - let(:params) { super().merge(server_puppetserver_version: '2.1.0') } - it { should raise_error(Puppet::Error, /puppetserver <2.2 is not supported by this module version/) } + describe 
'when server_puppetserver_version < 2.7' do + let(:params) { super().merge(server_puppetserver_version: '2.6.0') } + it { should raise_error(Puppet::Error, /puppetserver <2.7 is not supported by this module version/) } end describe 'allow jetty specific server threads' do context 'with thread config' do let(:params) do super().merge( server_selector_threads: 1, server_acceptor_threads: 2, server_ssl_selector_threads: 3, server_ssl_acceptor_threads: 4, server_max_threads: 5 ) end it { is_expected.to compile.with_all_deps } it { is_expected.to contain_file('/etc/custom/puppetserver/conf.d/webserver.conf'). with_content(/selector-threads: 1/). with_content(/acceptor-threads: 2/). with_content(/ssl-selector-threads: 3/). with_content(/ssl-acceptor-threads: 4/). with_content(/max-threads: 5/) } end end end end end diff --git a/templates/server/puppetserver/conf.d/puppetserver.conf.erb b/templates/server/puppetserver/conf.d/puppetserver.conf.erb index 6c6a179..c7908df 100644 --- a/templates/server/puppetserver/conf.d/puppetserver.conf.erb +++ b/templates/server/puppetserver/conf.d/puppetserver.conf.erb 
@@ -1,122 +1,118 @@ # configuration for the JRuby interpreters jruby-puppet: { # Where the puppet-agent dependency places puppet, facter, etc... # Puppet server expects to load Puppet from this location ruby-load-path: [ <%- @server_ruby_load_paths.each do |ruby_load_path| -%> <%= ruby_load_path %>, <%- end -%> ] # This setting determines where JRuby will install gems. It is used for loading gems, # and also by the `puppetserver gem` command line tool. gem-home: <%= @server_jruby_gem_home %> -<%- if scope.function_versioncmp([@server_puppetserver_version, '2.7']) >= 0 -%> # This setting defines the complete "GEM_PATH" for jruby. If set, it should include # the gem-home directory as well as any other directories that gems can be loaded # from (including the vendored gems directory for gems that ship with puppetserver) gem-path: [<%= @server_gem_paths.join(', ') %>] -<%- end -%> # PLEASE NOTE: Use caution when modifying the below settings. Modifying # these settings will change the value of the corresponding Puppet settings # for Puppet Server, but not for the Puppet CLI tools. This likely will not # be a problem with master-var-dir, master-run-dir, or master-log-dir unless # some critical setting in puppet.conf is interpolating the value of one # of the corresponding settings, but it is important that any changes made to # master-conf-dir and master-code-dir are also made to the corresponding Puppet # settings when running the Puppet CLI tools. See # https://docs.puppetlabs.com/puppetserver/latest/puppet_conf_setting_diffs.html#overriding-puppet-settings-in-puppet-server # for more information. 
# (optional) path to puppet conf dir; if not specified, will use # the puppet default master-conf-dir: <%= @server_dir %> # (optional) path to puppet code dir; if not specified, will use # the puppet default master-code-dir: <%= @codedir %> # (optional) path to puppet var dir; if not specified, will use # the puppet default master-var-dir: <%= @server_puppetserver_vardir %> # (optional) path to puppet run dir; if not specified, will use # the puppet default master-run-dir: <%= @server_puppetserver_rundir %> # (optional) path to puppet log dir; if not specified, will use # the puppet default master-log-dir: <%= @server_puppetserver_logdir %> # (optional) maximum number of JRuby instances to allow max-active-instances: <%= @server_max_active_instances %> # (optional) the number of HTTP requests a given JRuby instance will handle in its lifetime. max-requests-per-instance: <%= @server_max_requests_per_instance %> <%- if scope.function_versioncmp([@server_puppetserver_version, '5.0']) >= 0 -%> # (optional) The maximum number of requests that may be queued waiting to borrow a JRuby from the pool. max-queued-requests: <%= @server_max_queued_requests %> # (optional) Sets the upper limit for the random sleep set as a Retry-After header on 503 responses returned when max-queued-requests is enabled. max-retry-delay: <%= @server_max_retry_delay %> <%- end -%> # (optional) Authorize access to Puppet master endpoints via rules # specified in the legacy Puppet auth.conf file (if true) or via rules # specified in the Puppet Server HOCON-formatted auth.conf (if false or not # specified). 
use-legacy-auth-conf: <%= @server_use_legacy_auth_conf %> -<%- if scope.function_versioncmp([@server_puppetserver_version, '2.3']) >= 0 -%> # (optional) enable or disable environment class cache environment-class-cache-enabled: <%= @server_environment_class_cache_enabled %> -<%- end -%> <%- if @compile_mode %> compile-mode: <%= @compile_mode %> <%- end -%> } # settings related to HTTPS client requests made by Puppet Server http-client: { # A list of acceptable protocols for making HTTPS requests ssl-protocols: [ <%- @server_ssl_protocols.each do |protocol| -%> <%= protocol %>, <%- end -%> ] # A list of acceptable cipher suites for making HTTPS requests cipher-suites: [ <%- @server_cipher_suites.each do |cipher| -%> <%= cipher %>, <%- end -%> ] <%- if scope.function_versioncmp([@server_puppetserver_version, '5.0']) >= 0 -%> # Whether to enable http-client metrics; defaults to 'true'. metrics-enabled: <%= @server_metrics %> <%- end -%> # The amount of time, in milliseconds, that an outbound HTTP connection # will wait for data to be available before closing the socket. If not # defined, defaults to 20 minutes. If 0, the timeout is infinite and if # negative, the value is undefined by the application and governed by the # system default behavior. idle-timeout-milliseconds: <%= @server_idle_timeout %> # The amount of time, in milliseconds, that an outbound HTTP connection will # wait to connect before giving up. Defaults to 2 minutes if not set. If 0, # the timeout is infinite and if negative, the value is undefined in the # application and governed by the system default behavior. connect-timeout-milliseconds: <%= @server_connect_timeout %> } # settings related to profiling the puppet Ruby code profiler: { # enable or disable profiling for the Ruby code; enabled: <%= @server_metrics %> }
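Review bot: Nothing in this template now records the minimum puppetserver version it assumes, because the `'2.7'` guard around `gem-path` and the `'2.3'` guard around `environment-class-cache-enabled` are gone and both keys are written unconditionally. The version floor appears to be enforced only in the manifest, which is outside this hunk; the spec in this commit expects the error `puppetserver <2.7 is not supported by this module version`. A render that does not pass through that check would also call `@server_gem_paths.join(', ')` with no guard, so an unset value would fail at render time. I would add a first-line comment such as `<%# Assumes puppetserver >= 2.7; older versions are rejected in puppet::server::puppetserver -%>`, so that the remaining `'5.0'` guards on `max-queued-requests` and `metrics-enabled` read as the only version-dependent parts.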